Merge "binder: Tweak overflow check for readability" am: 5caafddc6b

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2106895 Change-Id: I87e29b8a7c6ff89aec286509ad4868eb6429be36 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Treehugger Robot <treehugger-gerrit@google.com> 2022-06-03 05:53:00 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-06-03 05:53:00 +0000
commit: 1c60c225f81f8c9c6d14145fecf51b52b47ac19f (patch)
tree: 4cff84e68148755c41f840e3a1fc562ecd8dc768
parent: a56ffcdeef67ca5ac0f7f5cf03231a1db5561f15 (diff)
parent: 5caafddc6ba268b60a3c3be97b39e073c342c295 (diff)
download: native-1c60c225f81f8c9c6d14145fecf51b52b47ac19f.tar.gz
1 files changed, 7 insertions, 10 deletions
diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index 4ef9cd859d..2a8e9c1d8b 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp
@@ -493,14 +493,13 @@ status_t RpcState::transactAddress(const sp<RpcSession::RpcConnection>& connecti
         }
     }
 
-    LOG_ALWAYS_FATAL_IF(std::numeric_limits<int32_t>::max() - sizeof(RpcWireHeader) -
-                                        sizeof(RpcWireTransaction) <
-                                data.dataSize(),
+    uint32_t bodySize;
+    LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireTransaction), data.dataSize(),
+                                               &bodySize),
                         "Too much data %zu", data.dataSize());
-
     RpcWireHeader command{
             .command = RPC_COMMAND_TRANSACT,
-            .bodySize = static_cast<uint32_t>(sizeof(RpcWireTransaction) + data.dataSize()),
+            .bodySize = bodySize,
     };
 
     RpcWireTransaction transaction{
@@ -940,14 +939,12 @@ processTransactInternalTailCall:
         replyStatus = flushExcessBinderRefs(session, addr, target);
     }
 
-    LOG_ALWAYS_FATAL_IF(std::numeric_limits<int32_t>::max() - sizeof(RpcWireHeader) -
-                                        sizeof(RpcWireReply) <
-                                reply.dataSize(),
+    uint32_t bodySize;
+    LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireReply), reply.dataSize(), &bodySize),
                         "Too much data for reply %zu", reply.dataSize());
-
     RpcWireHeader cmdReply{
             .command = RPC_COMMAND_REPLY,
-            .bodySize = static_cast<uint32_t>(sizeof(RpcWireReply) + reply.dataSize()),
+            .bodySize = bodySize,
     };
     RpcWireReply rpcReply{
             .status = replyStatus,
author	Treehugger Robot <treehugger-gerrit@google.com>	2022-06-03 05:53:00 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-06-03 05:53:00 +0000
commit	1c60c225f81f8c9c6d14145fecf51b52b47ac19f (patch)
tree	4cff84e68148755c41f840e3a1fc562ecd8dc768
parent	a56ffcdeef67ca5ac0f7f5cf03231a1db5561f15 (diff)
parent	5caafddc6ba268b60a3c3be97b39e073c342c295 (diff)
download	native-1c60c225f81f8c9c6d14145fecf51b52b47ac19f.tar.gz